SQL Injection Vulnerability in SourceCodester Internship Portal Management System
CVE-2024-3253

7.2HIGH

Key Information:

Vendor: SourceCodester
Status: Internship Portal Management System
Vendor: CVE Published:; 3 April 2024

Summary

A significant SQL injection vulnerability has been identified in the SourceCodester Internship Portal Management System version 1.0, specifically within the file admin/add_admin.php. This flaw allows an attacker to manipulate parameters such as name, username, or password, leading to unauthorized access to the underlying database. The remote exploitation of this vulnerability poses a serious threat, enabling attackers to execute arbitrary SQL commands, potentially leaking sensitive information and compromising user credentials. As this vulnerability has been publicly disclosed, organizations using this system must apply appropriate security measures to safeguard against potential exploits.

References

https://vuldb.com/?id.259102

https://vuldb.com/?ctiid.259102

https://vuldb.com/?submit.309214

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2024